Weekly Vulnerabilities Reports > February 7 to 13, 2000
11 new vulnerabilities were reported during this period, including 1 critical vulnerability and 4 high severity vulnerabilities. This weekly summary reports vulnerabilities in 13 products from 12 vendors including SCO, Cisco, Axis, Oracle, and OpenBSD. Vulnerabilities are notably categorized as .
- 8 reported vulnerabilities are remotely exploitable.
- 11 reported vulnerabilities are exploitable by an anonymous user.
- SCO has the most reported vulnerabilities, with 2 reported vulnerabilities.
- Infopop has the most reported critical vulnerabilities, with 1 reported vulnerability.
The following table lists the vulnerabilities reported for the period covered by this report:
1 Critical Vulnerability
|2000-02-11||CVE-2000-0141||Infopop|| Unspecified vulnerability in Infopop Ultimate Bulletin Board 5.43 |
Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.
4 High Vulnerabilities
|2000-02-12||CVE-2000-0150||Checkpoint|| |
Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.
|2000-02-08||CVE-2000-0148||Oracle|| Unspecified vulnerability in Oracle Mysql |
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.
|2000-02-07||CVE-2000-0144||Axis|| Unspecified vulnerability in Axis 700 Network Document Server |
Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a ..
|2000-02-08||CVE-2000-0215||SCO|| Unspecified vulnerability in SCO Unixware |
Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges.
5 Medium Vulnerabilities
|2000-02-11||CVE-2000-0142||Netopia|| Unspecified vulnerability in Netopia Timbuktu PRO 2.0/5.2.1 |
The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417.
|2000-02-10||CVE-2000-0140||True North|| Unspecified vulnerability in True North Internet Anywhere Mail Server 3.1.3 |
Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections.
|2000-02-08||CVE-2000-0149||Zeus Technologies|| Unspecified vulnerability in Zeus Technologies Zeus web Server |
Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.
|2000-02-07||CVE-2000-0146||Novell|| Unspecified vulnerability in Novell Groupwise 5.5 |
The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.
|2000-02-11||CVE-2000-0143||OpenBSD|| Local Security vulnerability in SSH |
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.